Getting Shells

Getting shells is awesome, but there is a reason not to just pass cmd.exe as the executable to run. When you leave the executable off, Impacket does something special that allows for uploads and downloads, which cmd.exe

Basic Shell

The basic shell in wmiexec.py is essentially %COMSPEC% / cmd.exe with one tiny difference: you can upload and download directly from it. This holds a lot of weight when you consider the authentication options Impacket supports (password/hashes/Kerberos).
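From the defender's side, the basic shell's reliance on cmd.exe is what makes it visible in process-creation logs. The following is an added example, not code from the original post or from Impacket: it flags wmiexec.py's default command wrapper in Sysmon-style events. The function names and sample events are constructed, and it assumes wmiexec.py's default settings (cmd shell, output redirected to a file on the ADMIN$ share).

```python
import re

# wmiexec.py's default wrapper around each typed command (assumes default
# settings): cmd.exe /Q /c <command> 1> \\127.0.0.1\<share>\__<epoch> 2>&1
WMIEXEC_CMDLINE = re.compile(
    r"cmd\.exe\s+/Q\s+/c\s+(?P<command>.*?)\s+1>\s+"
    r"\\\\127\.0\.0\.1\\(?P<share>[^\\\s]+)\\(?P<outfile>__\d+(?:\.\d+)?)\s+2>&1\s*$",
    re.IGNORECASE,
)

def match_wmiexec(event):
    """Return parsed details if a process-creation event fits the pattern, else None."""
    # Processes started through WMI are children of the WMI provider host.
    if not event.get("ParentImage", "").lower().endswith("\\wmiprvse.exe"):
        return None
    m = WMIEXEC_CMDLINE.search(event.get("CommandLine", ""))
    if m is None:
        return None
    return {"host": event.get("Computer"), "user": event.get("User"), **m.groupdict()}

def hunt(events):
    """Return one finding per matching event, in input order."""
    return [hit for hit in map(match_wmiexec, events) if hit is not None]

# Constructed sample events using Sysmon Event ID 1 field names.
WMIPRVSE = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS01", "User": r"CORP\admin", "ParentImage": WMIPRVSE,
     "CommandLine": r"cmd.exe /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__1700000000.123456 2>&1"},
    {"Computer": "WS01", "User": r"CORP\admin", "ParentImage": WMIPRVSE,
     "CommandLine": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1700000000.123456 2>&1"},
    # Benign: interactive cmd.exe started from the desktop shell.
    {"Computer": "WS01", "User": r"CORP\alice", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"cmd.exe /c dir C:\Users"},
    # Benign: WMI-launched script with no loopback output redirection.
    {"Computer": "WS02", "User": r"NT AUTHORITY\SYSTEM", "ParentImage": WMIPRVSE,
     "CommandLine": r'cmd.exe /c "C:\Tools\inventory.bat"'},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The shell's upload and download go over the SMB connection rather than through cmd.exe, so they will not appear in these process-creation events.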

Useful combos

Web Delivery plus WMIEXEC through a Metasploit socks4a Proxy

First, we assume that you already have a single shell, one way or another, into a corporate network. The internal range used by the network you've gotten a shell on is 172.16.102.0/24, and you are running as an admin.